
Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)



...
> >The attack is based on two particularly interesting three-byte key
> >prefixes which have a high probability of producing PRNG sequences
> >which start with a known two-byte sequence. The prefixes are:
> >1.  Keys starting with "00 00 FD" which have a 14% probability of
> >    generating sequences which start "00 00".
> >2.  Keys starting with "03 FD FC" which have a 5% probability of
> >    generating sequences which start "FF 03".
> [much interesting work deleted]
> 
> It sounds like any application using RC4 with random session keys
> should start by testing session keys and rejecting any that
> start with 00 00 or 03 FD; it means doing 2**-15 more random key
> generations, and reducing the brute-force space by 2**-15,
> but it's a pretty small reduction.

The problem is that if these keys are weak, there may be many others
that are also weak.  In fact, by the time we explore all of the
weaknesses, we may find the system is no longer very strong at all. 

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
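
The two quoted prefix claims can be measured directly. The following is an added example, not part of the original message or the quoted analysis: it runs standard RC4 over random keys that begin with each prefix and counts how often the keystream starts with the stated bytes. The 16-byte key length, trial count, seed and function names are assumptions chosen here.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key schedule (KSA), then n bytes of output (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def prefix_hit_rate(prefix: bytes, expected: bytes, key_len: int = 16,
                    trials: int = 4000, seed: int = 1) -> float:
    """Fraction of random keys starting with `prefix` whose keystream
    starts with `expected`. key_len, trials and seed are assumptions."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        tail = bytes(rng.randrange(256) for _ in range(key_len - len(prefix)))
        if rc4_keystream(prefix + tail, len(expected)) == expected:
            hits += 1
    return hits / trials

def starts_with_flagged_prefix(key: bytes) -> bool:
    """The session-key filter suggested in the quoted reply: it covers
    only the two published prefixes, nothing else."""
    return key[:2] in (b"\x00\x00", b"\x03\xfd")

if __name__ == "__main__":
    cases = [
        ("00 00 FD -> 00 00", b"\x00\x00\xfd", b"\x00\x00"),
        ("03 FD FC -> FF 03", b"\x03\xfd\xfc", b"\xff\x03"),
        ("no fixed prefix -> 00 00", b"", b"\x00\x00"),  # baseline
    ]
    for label, prefix, expected in cases:
        print(f"{label}: {prefix_hit_rate(prefix, expected):.4f}")
```
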